Reply AI ("we", "us", "our") is a Chrome extension and backend service that generates AI-powered replies to Google Business Profile reviews. This Privacy Policy explains what data we collect, why we collect it, and how you can control it.
The short version: We collect only what we need to generate replies and count usage. We never sell your data. Review content is processed to generate a reply and is not stored on our servers beyond the immediate API call. We do not read your Google account or access any data other than the review text you trigger on.
By installing the Reply AI Chrome extension or using our service at replyai.ca, you agree to this policy.
The Reply AI extension stores the following in Chrome's local storage (chrome.storage.local). This data never leaves your device unless explicitly sent to our servers as part of a reply request.
When you click "Reply for me", the following is sent to our backend at replyai-backend-production-e6fd.up.railway.app:
We do not collect or transmit: your Google account credentials, your Google Business Profile ID, your location, your IP address beyond what is technically required for the HTTPS connection, or any payment information.
Our server logs aggregate, anonymous counts: total replies generated, error rates, and average processing times. These cannot be linked back to any individual user or business.
We use the data described above for exactly three purposes:
We never use your data for advertising, profiling, or any purpose beyond the above.
Review text and other inputs sent to generate a reply are processed in memory and not written to any database or persistent log. Once the reply is generated and returned to your browser, the input data is discarded.
Settings data stored in chrome.storage.local (business name, brand voice, usage counts) lives on your device. It is deleted automatically when you uninstall the extension. You can also clear it manually via Chrome's extension storage settings at any time.
If you upgrade to a paid plan, we store your email address and subscription status in our user database (hosted on Supabase in the EU-West-1 region). This data is retained for the duration of your subscription and for up to 90 days after cancellation, after which it is permanently deleted.
We share data with the following third-party services, limited to what is necessary:
We do not sell, rent, or share your personal data with any other third party for any purpose.
Depending on where you are located, you may have the following rights regarding your personal data:
To exercise any of these rights, email nick@replyai.ca. We will respond within 30 days.
If you are in the United Kingdom or European Economic Area, you also have the right to lodge a complaint with your local data protection authority.
Reply AI is not directed at children under 13 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it immediately.
All data transmitted between the extension and our servers is encrypted using HTTPS/TLS. Our backend enforces rate limits and CORS restrictions to prevent abuse. Paid subscriber data in Supabase is encrypted at rest.
No method of transmission over the internet is 100% secure. While we take reasonable steps to protect your data, we cannot guarantee absolute security and encourage you to use strong, unique passwords for any accounts.
We may update this Privacy Policy from time to time. When we do, we'll update the "Last updated" date at the top of this page. If the changes are significant, we'll notify users via the extension or email (for paid subscribers). Continuing to use Reply AI after changes are posted constitutes acceptance of the updated policy.
If you have any questions about this Privacy Policy or how we handle your data, we want to hear from you.
Reach Nick directly at Reply AI. We respond to all privacy enquiries within 2 business days.
nick@replyai.caReply AI • replyai.ca